I was playing around with trying to figure out how my bank knows when to give me a two factor authentication prompt. I had originally thought it was based on my cookies and maybe my IP address. But ...

If we need to choose a vendor for the 2FA in our environment, what are the features that we should look for?
Our selection process depends on the functionality and usability they provide. But when I ...

I wonder how safe LastPass's grid authentication is. I take it that they have a copy of the authentication grid on their server. You are supposed to print the grid and carry it with you to any device ...

The Lastpass breach statement reassures folks who had two-factor authentication enabled and recommends it for all users. I also note that they explain that there is no evidence that the encrypted user ...

I am wondering if you need strong 1st factor (for theoretical correctness, please note it is the knowledge factor -- not necessarily a password, but definitely also includes strong passwords)?
What ...

I am evaluating an internal 2 factor authentication implementation in an organization. The system designer wants to remove regular user names and passwords from all user workstations such that each ...

CertiVox have designed a system with the aim of "getting rid of passwords".
Essentially the system authenticates users with two factors of authentication: A 4 digit PIN and a token stored within the ...

A friend of mine came to me for help with this issues. Her Gmail account has been hacked and keeps sending out spam emails to her contacts. This is happening to her on a monthly basis. Each time it ...

If someone gets my phone and saves the values my authenticator generates, will that person be able to find out the shared key, which he/she will be able to generate codes himself/herself?
If so, how ...

I am aiming to lock down a web service that accesses other services and has a publicly facing UI.
I have a hosted service on a network that requires 2-factor authentication to access. This service's ...

What would be a good way to authenticate a user to authenticate to websites and applications over a smart phone? By good, I mean that it is both secure, and user-friendly. Passwords don't seem to be ...

Take for example 1Password, that now can store your password and one time password secret in a single place (your 1Password vault).
I know it isn't truly two-factor anymore, but how much better is it ...

Some of our clients have started migrating to soft tokens instead of hardware ones for two-factor authentication to their network.
We have apps like RSA SecurID and VIP Access on our smartphones.
The ...

One of the benefits of using Software based Strong Authentication apps (e.g. RSA SecurID Software Tokens) is that if the device that is running the Token generation app is compromised or lost, the ID ...

For a lot of web services offering two factor authentication, after setting up the system, you are given a short list of backup codes (one-time pads) that are around 7-10 characters long. These are ...

An organization has all the regular controls you can think of for network and systems protection from the 10 security domains. External login access to the organization's services is protected with 2 ...

I recently installed Bitlocker on my Windows 8.1 machine, using only a password. I was thinking of getting something other than just a password for my storage drive, something physical, like a USB, SD ...

Google recently announced support for Universal 2nd Factor (U2F) authentication in Chrome and started allowing that authentication mechanism to be used for 2-factor authentication across their various ...

Google and Yubico just announced the availability of cryptographic security tokens following the FIDO U2F specification. Is this just another 2FA option, or is this significantly better than solutions ...

My company has a few dozen servers hosted on a cloud provider. All but one (OpenVPN host) is closed to the internet. We're using OpenVPN AS which uses certs + Google Authenticator for login.
We are ...

I was one of the people who thought that enabling 2-factor in Apple would have prevented the download of images from iCloud; it was recently pointed out to me that, in fact, I was gravely mistaken. ...

Does multi-factor authentication provide any additional security benefits on top of doing a better job at correctly identifying and authenticating users compared to single factor authentication? In ...